Rules: Add rules for yum commands, #470 #471

Merged
merged 1 commit into from Oct 6, 2020


m-ildefons
Collaborator

Add four rules for yum commands warning on bad practices:

  • yum update
  • yum install without non-interactive flag -y
  • yum install -y <pkg> without version pinning
  • yum install ... without also cleaning up with yum clean all

These four rules are accompanied by a test for each rule.
Also included is a new helper function Shell.anyCommands.

What I did

Add four rules for linting yum commands in RUN layers. These four rules check for common mistakes and bad practices with yum in Dockerfiles.
This PR is related to #470, but does not suffice to close it since zypper and dnf checks are still missing.

How I did it

I expanded the Rules.hs file. I also added a new helper function in the Shell.hs file: Shell.anyCommands that works like Shell.allCommands, except it matches on any instead of all commands in a shell line.

How to verify it

Run the test suite, or run hadolint on this Dockerfile:

```dockerfile
FROM centos:8
RUN yum update
RUN yum install httpd
RUN yum install -y tomcat
RUN yum install -y mariadb-10.4
RUN yum install -y php-7.2 && yum clean all
```

The FROM and the last RUN yum install.. line will not produce warnings and the other lines will each trigger a different combination of warnings for yum.
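The four checks described in this PR, re-implemented as a simplified Python sketch and run over the Dockerfile above; this is an added example, not hadolint's Haskell code. The finding labels, the naive shell splitting, and the "ends in -<digit>" pinning heuristic are assumptions of the example.

```python
import re
import shlex

# The Dockerfile from the PR description, used as sample input.
DOCKERFILE = """\
FROM centos:8
RUN yum update
RUN yum install httpd
RUN yum install -y tomcat
RUN yum install -y mariadb-10.4
RUN yum install -y php-7.2 && yum clean all
"""

def yum_commands(run_body):
    """Return (flags, words) for each yum command in a RUN body (naive shell split)."""
    cmds = []
    for part in re.split(r"&&|\|\||;|\|", run_body):
        argv = shlex.split(part)
        if argv and argv[0] == "yum":
            cmds.append(([a for a in argv[1:] if a.startswith("-")],
                         [a for a in argv[1:] if not a.startswith("-")]))
    return cmds

def lint_run(run_body):
    """Return the checks that fire; the labels are made up for this example."""
    cmds, findings = yum_commands(run_body), set()
    for flags, words in cmds:
        if words[:1] == ["update"]:
            findings.add("update")
        if words[:1] == ["install"]:
            if "-y" not in flags and "--assumeyes" not in flags:
                findings.add("missing-y")
            # Assumption: a package is pinned when its name ends in -<digit...>.
            if any(not re.search(r"-\d[^-]*$", p) for p in words[1:]):
                findings.add("unpinned")
    installs = any(w[:1] == ["install"] for _, w in cmds)
    cleaned = any(w[:2] == ["clean", "all"] for _, w in cmds)
    if installs and not cleaned:  # a layer with no yum install is never flagged
        findings.add("missing-clean")
    return findings

def lint_dockerfile(text):
    """Map the line number of each single-line RUN instruction to its findings."""
    return {no: sorted(lint_run(line[4:]))
            for no, line in enumerate(text.splitlines(), 1)
            if line.upper().startswith("RUN ")}
```

Each of the first four RUN lines yields a different set of findings and the last one yields none, matching the behaviour the description states for the sample Dockerfile.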

@lorenzo
Member

lorenzo commented Oct 6, 2020

looking great! I wonder why the travis build did not start

@lorenzo
Member

lorenzo commented Oct 6, 2020

some tests are failing too, but they seem easy to fix

@m-ildefons
Collaborator Author

Thanks. I fixed the overzealous clean all rule. Now it should no longer falsely flag RUN layers that don't even contain yum commands.

@lorenzo
Member

lorenzo commented Oct 6, 2020

@m-ildefons Would you mind adding the corresponding wiki pages for the new DL codes? I think they can just be copies of the similar codes for apt

@lorenzo
Member

lorenzo commented Oct 6, 2020

Thanks so much for your contribution!

@lorenzo lorenzo merged commit a789892 into hadolint:master Oct 6, 2020
where
code = "DL3033"
severity = WarningC
message = "Sepcify version with `yum install -y <package>-<version>`."
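Review bot: The `message` string for DL3033 misspells "Specify" as "Sepcify". This is the text a user sees when the rule fires, so it should read "Specify version with `yum install -y <package>-<version>`." before the rule ships in a release.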
Member


ah, I merged too quickly and I just found this is a typo Sepcify @m-ildefons
